From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, Denis Kirjanov <kda@linux-powerpc.org>,
"Dan Carpenter" <dan.carpenter@oracle.com>,
"David S. Miller" <davem@davemloft.net>,
"kbuild test robot" <lkp@intel.com>,
"Jakub Kicinski" <jakub.kicinski@netronome.com>,
"Simon Horman" <simon.horman@netronome.com>
Subject: [PATCH 3.16 15/25] net: netem: fix error path for corrupted GSO frames
Date: Tue, 12 Nov 2019 23:48:12 +0000 [thread overview]
Message-ID: <lsq.1573602477.584421056@decadent.org.uk> (raw)
In-Reply-To: <lsq.1573602477.548403712@decadent.org.uk>
3.16.77-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <jakub.kicinski@netronome.com>
commit a7fa12d15855904aff1716e1fc723c03ba38c5cc upstream.
To corrupt a GSO frame we first perform segmentation. We then
proceed using the first segment instead of the full GSO skb and
requeue the rest of the segments as separate packets.
If there are any issues with processing the first segment we
still want to process the rest, therefore we jump to the
finish_segs label.
Commit 177b8007463c ("net: netem: fix backlog accounting for
corrupted GSO frames") started using the pointer to the first
segment in the "rest of segments processing", but as mentioned
above the first segment may had already been freed at this point.
Backlog corrections for parent qdiscs have to be adjusted.
Fixes: 177b8007463c ("net: netem: fix backlog accounting for corrupted GSO frames")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
net/sched/sch_netem.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/net/sched/sch_netem.c
+++ b/net/sched/sch_netem.c
@@ -506,6 +506,7 @@ static int netem_enqueue(struct sk_buff
(skb->ip_summed == CHECKSUM_PARTIAL &&
skb_checksum_help(skb))) {
rc = qdisc_drop(skb, sch);
+ skb = NULL;
goto finish_segs;
}
@@ -576,9 +577,10 @@ static int netem_enqueue(struct sk_buff
finish_segs:
if (segs) {
unsigned int len, last_len;
- int nb = 0;
+ int nb;
- len = skb->len;
+ len = skb ? skb->len : 0;
+ nb = skb ? 1 : 0;
while (segs) {
skb2 = segs->next;
@@ -595,7 +597,8 @@ finish_segs:
}
segs = skb2;
}
- qdisc_tree_reduce_backlog(sch, -nb, prev_len - len);
+ /* Parent qdiscs accounted for 1 skb of size @prev_len */
+ qdisc_tree_reduce_backlog(sch, -(nb - 1), -(len - prev_len));
}
return NET_XMIT_SUCCESS;
}
next prev parent reply other threads:[~2019-11-12 23:50 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 23:47 [PATCH 3.16 00/25] 3.16.77-rc1 review Ben Hutchings
2019-11-12 23:47 ` [PATCH 3.16 01/25] KVM: Introduce kvm_get_arch_capabilities() Ben Hutchings
2019-11-12 23:47 ` [PATCH 3.16 02/25] KVM: x86: use Intel speculation bugs and features as derived in generic x86 code Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 03/25] x86/msr: Add the IA32_TSX_CTRL MSR Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 04/25] x86/cpu: Add a helper function x86_read_arch_cap_msr() Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 05/25] x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 06/25] x86/speculation/taa: Add mitigation for TSX Async Abort Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 07/25] x86/speculation/taa: Add sysfs reporting " Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 08/25] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 09/25] x86/tsx: Add "auto" option to the tsx= cmdline parameter Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 10/25] x86/speculation/taa: Add documentation for TSX Async Abort Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 11/25] x86/tsx: Add config options to set tsx=on|off|auto Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 12/25] x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 13/25] x86/bugs: Add ITLB_MULTIHIT bug infrastructure Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 14/25] drm/i915/gen8+: Add RC6 CTX corruption WA Ben Hutchings
2019-11-12 23:48 ` Ben Hutchings [this message]
2019-11-12 23:48 ` [PATCH 3.16 16/25] ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 17/25] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 18/25] media: technisat-usb2: break out of loop at end of buffer Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 19/25] ax25: enforce CAP_NET_RAW for raw sockets Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 20/25] ieee802154: " Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 21/25] appletalk: " Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 22/25] mISDN: " Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 23/25] nfc: " Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 24/25] cfg80211: wext: avoid copying malformed SSIDs Ben Hutchings
2019-11-12 23:48 ` [PATCH 3.16 25/25] rtlwifi: Fix potential overflow on P2P code Ben Hutchings
2019-11-13 18:13 ` [PATCH 3.16 00/25] 3.16.77-rc1 review Guenter Roeck
2019-11-13 18:31 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lsq.1573602477.584421056@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=dan.carpenter@oracle.com \
--cc=davem@davemloft.net \
--cc=jakub.kicinski@netronome.com \
--cc=kda@linux-powerpc.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=simon.horman@netronome.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox